Identity theft is currently one of the fastest-growing financial crimes worldwide. Reports indicate that up to 750,000 identities were stolen in the U.S. during 2001, which corresponds to up to 30 million stolen credit card, checking, telecommunications and other accounts. During this same year the direct losses accruing to credit and service grantors as a consequence of accounts created by means of identity theft has been estimated at over $3 billion in financial services and $35 billion across other vertical markets. Account “takeover”, in which control of an account relationship is established through identity theft, is similarly on the rise.
Identity theft may be perpetuated in a variety of ways, but has recently been facilitated by the increasing prevalence of Internet-based transactions. Issuer's credit and debit card accounts, and associated identification information, are compromised daily on the Internet and that information is exchanged in public “chat rooms” for use by fraudsters. In particular, this identification and account information is accessible by fraudsters who scan the Internet for legitimate web sites employing sub-standard security measures. Once such sites are identified by fraudsters, they may be continually exploited through capture of all of the sensitive card and consumer identity information provided by consumers.
A number of commercial entities are involved in the business of attempting to limit credit card and other types of fraud related to identity theft. In general, the methods employed by these entities operate to expose potentially fraudulent transactions by determining that they are not in accord with established usage patterns of a particular card or account. Such usage patterns may be functions of, for example, geographic location, vendor, type of merchandise or service, and frequency of use. Use of these methods typically results in notification of a merchant or issuer only when there is a deviation from an established or predictable usage pattern.
Various proposed techniques to address fraud rely upon improved identification of known fraudulent names, fraudulent addresses, fraudulent phone numbers, fraudulent social security numbers, and other fraudulent personal information. These techniques are predicated upon the fact that a substantial percentage of number of fraud cases are perpetrated by repeat offenders or organized groups which utilize the same set of fraudulent personal information. In one such technique personal data known to be fraudulent is pooled in a central database. Applications for purchasing cards or other consumer accounts are then sent to the fraud database for inspection. The information on the application is then compared with the fraudulent information content within the database. If a match is identified, the merchant is alerted that an attempted fraud may be occurring. Unfortunately, these types of “matching” systems may exhibit a proclivity of generating “false positives” and inappropriately warning merchants of potential fraudulent acts. This is because while certain information within an application submitted by a merchant may match information within the database known to have been fraudulently used, an alert is generally sent to the merchant even if other portions of the merchant application are not identified as corresponding to such fraudulent information. That is, the reliability of the match is typically not determined, nor is an indication of such reliability provided to the merchant. Unfortunately, the likelihood of generating a false positive match and sending a corresponding alert to the applicable merchant indication is increased in the absence of such reliability information.